Create a self-signed certificate for your web server with PowerShell

Sometimes you may need an SSL certificate just for testing your (local) web application. Of course, for public and trusted purposes, you’ll probably use a free Let’s Encrypt certificate or something similar (or, of course, any of the paid options).

And this is OK as long as you have a publicly resolvable domain name.

But what if you need a certificate for, let’s say, “localhost” or “webserver.local”?

Then you’ll probably use your internal PKI infrastructure or a simple self-signed certificate.

The second one can be easily achieved with PowerShell, by using the New-SelfSignedCertificate cmdlet (or with OpenSSL, yes 🙂).

So, let me show you how.

We have a simple IIS setup hosting a single (default) website, responding to http://localhost/:

We’ll issue a new self-signed certificate, make it trusted (important!) and then attach it to our test website, with the following:
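The three steps just described (issue, trust, bind), written out as an added example; this is not the original post's script. The site name, DNS name, port and one-year lifetime are assumed values, and the session must be elevated on the IIS host.

```powershell
# Added example, not the original post's script. Run elevated on the IIS host.
# Assumed values: DNS name, site name, port and one-year lifetime.
Import-Module WebAdministration

$dnsName  = 'localhost'
$siteName = 'Default Web Site'
$port     = 443

# 1. Issue the certificate into the machine's Personal store. The private key is
#    marked non-exportable, so a normal certificate export will not hand out the
#    key of something that is about to become a trust anchor on this machine.
$cert = New-SelfSignedCertificate -DnsName $dnsName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -FriendlyName "Self-signed test certificate ($dnsName)" `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddYears(1)

# 2. Make it trusted: add only the public certificate (no private key) to the
#    machine's Trusted Root Certification Authorities store.
$publicOnly = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert.RawData)
$rootStore  = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
$rootStore.Open('ReadWrite')
try     { $rootStore.Add($publicOnly) }
finally { $rootStore.Close() }

# 3. Create the HTTPS binding if it does not exist yet, then attach the certificate.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port $port)) {
    New-WebBinding -Name $siteName -Protocol https -Port $port -IPAddress '*'
}
(Get-WebBinding -Name $siteName -Protocol https -Port $port).AddSslCertificate($cert.Thumbprint, 'My')

# 4. Verify: the chain must build to a trusted root and the name must match.
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $dnsName)) {
    throw "Certificate $($cert.Thumbprint) is not trusted for $dnsName"
}
"Bound $($cert.Thumbprint) to https://${dnsName}:$port/ (expires $($cert.NotAfter.ToString('u')))"

# Cleanup when testing is done (removes the trust anchor and the key pair):
#   Remove-Item "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
#   Remove-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)" -DeleteKey
```

The trust in step 2 applies only to the machine where the script runs; any other client that opens the site will still see an untrusted certificate until the same public certificate is added to its own root store.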

If everything goes well, we will see another binding created in our IIS console:

And if we open https://localhost/, all should be good as well:

Cheers!

Checking certificate expiration with PowerShell

Had an idea to write some (PowerShell) script which will check and maybe notify me of certificates that are nearing expiration for a bunch of (public) sites that… somewhat matter to me. 😊

As it turns out, someone already had this idea and wrote a very nice PowerShell script that does just that, available here – thank you!

While testing it, there were sites on which the script worked just fine, and there were sites on which I got errors like this one (Error: “String was not recognized as a valid DateTime.”):

Seems to be connected to my regional settings (I know… who would ever use hr-HR instead of en-US, but… 😊) and date/time formatting:

I’ve tried to fix it in a couple of ways, but the one that finally did it (for me) was explained on Dan Sheehan’s blog (thanks!), implemented on lines 25-26 below.

So, my adapted script looks like this (and works with my hr-HR culture):

It provides the following output (which can be further customized per your needs, of course… and I know – need to insert some line breaks, convert output to HTML, send it via e-mail, … it’s a start! 😊):

Note that I’m returning expiration date “the Croatian way”, by using the following formatting:

Hope it helps someone (and #kudos to original authors)!

Cheers!

Renewing the expired Office Online/Web Apps Server farm certificate

Certificates sometimes expire… it happens! 🙂

But what happens if the certificate for your Office Online Server (OOS) or Office Web Apps Server (OWAS) farm expires and your farm is not available anymore?

Obviously, the OOS farm and your Skype for Business, Exchange & SharePoint integration stop working. The next thing to do is to renew the expired certificate.

But how?

My MVP colleague Andi Krüger did a nice blog post on updating the farm certificate, and it’s fairly simple – Set-OfficeWebAppsFarm -CertificateName "RenewedOOSInternalCertificate" should do the trick… if your farm is running.

If things got out of hand and your farm is not running anymore, you cannot use the Set-OfficeWebAppsFarm cmdlet: you’ll see that the Office Online (WACSM) service is Stopped and cannot be brought back up with the expired certificate, and your machine is showing that it’s no longer part of the farm. Running the above-mentioned command will only give you errors (like “It does not appear this machine is part of an Office Online Server farm.” or similar), so you’ll need to take a different approach.

WACSM Service is Stopped and your machine is showing that it’s no longer part of the farm

One of the possible solutions would be:

  • make a note of the Friendly Name of your old (expired) certificate (MMC or PowerShell) (in my case it’s called “OOSInternalCertificate”)
  • remove the expired certificate
  • renew/request/install the new certificate
  • change the Friendly Name of the new certificate to match the previous one
  • start the Office Online (WACSM) service or restart the machine
  • (copy the certificate/do the procedure on other farm members, if needed)

Everything is back to normal

Your farm operations should now be restored and you can run the Get-OfficeWebAppsFarm cmdlet normally:

Or you can open up the farm’s discovery URL – if it’s rendering again, everything should be OK (in my case “https://oos.myfarm.local/hosting/discovery”):

Even the discovery works

Cheers!